Conventional security mechanisms, such as Advanced Encryption Standard (AES), e.g., AES-128, AES-192 and AES-256 specified by the National Institute of Standards and Technology (NIST) and used worldwide, target on data confidentiality by encryption of electronic data. The encrypted data are dump data, meaning that they cannot support any management required functions such as searching, statistical analysis or comparing. These schemes are not suitable for organizations to outsource data management on untrusted servers since they do not support searching functionality on encrypted data. There exist encryption mechanisms which support searching on encrypted data, such as deterministic (DET) encryption for equality checking, order-preserving encryption (OPE) for range checking, homomorphic encryption (HOM) for secure data update and so on. However, there are various problems associated with such encryption mechanisms. For example, ciphertext with DET may leak access pattern and thus has the potential to leak data, OPE may leak the order of data, existing HOM mechanism involves high computational complexity, which may be too expensive to put into practice.
A need therefore exists to provide a method and a system for generating a ciphertext, a method and a system for decrypting a ciphertext, and a method and a system for searching ciphertexts in a database that seek to overcome, or at least ameliorate, one or more of the deficiencies in conventional methods and systems. It is against this background that the present invention has been developed.